php – getimagesize()on stream而不是string

$pathToFile = $path . $filename;

//Here I get a file not found error,because the file is not yet at this address
getimagesize($pathToFile);

$input = fopen('php://input','r');
$temp = tmpfile();
$realSize = stream_copy_to_stream($input,$temp);

//Here I get a string expected,resource given error 
getimagesize($input);

fclose($input);

$target = fopen($pathToFile,'w');
fseek($temp,SEEK_SET);

//Here I get a file not found error,because the image is not at the $target yet
getimagesize($pathToFile);

stream_copy_to_stream($temp,$target);
fclose($target);

//Here it works,because the image is at the desired location so I'm able to access it with $pathToFile. However,the (potentially) malicious file is already in my server.
getimagesize($pathToFile);

问题是我想在这里使用getimagesize()执行一些文件验证. getimagesize只支持一个字符串,我只有资源可用,这会导致错误：getimagesize需要一个字符串,给定资源.

当我在脚本结束时执行getimagesize($pathTofile)时它确实有效,但是图像已经上传并且损坏已经完成了.执行此操作并在之后执行检查然后可能删除te文件对我来说似乎是不好的做法.

$_REQUEST中唯一的东西是文件名,我用它来var $pathToFile. $_FILES是空的.

如何在流上执行文件验证？

编辑：
解决方案是首先将文件放在临时目录中,然后在临时文件上执行验证,然后再将其复制到目标目录.

// Store the file in tmp dir,to validate it before storing it in destination dir
$input = fopen('php://input','r');
$tmpPath = tempnam(sys_get_temp_dir(),'upl'); // upl is 3-letter prefix for upload
$tmpStream = fopen($tmpPath,'w'); // For writing it to tmp dir
stream_copy_to_stream($input,$tmpStream);
fclose($input);
fclose($tmpStream);

// Store the file in destination dir,after validation
$pathToFile = $path . $filename;
$destination = fopen($pathToFile,'w');
$tmpStream = fopen($tmpPath,'r'); // For reading it from tmp dir
stream_copy_to_stream($tmpStream,$destination);
fclose($destination);
fclose($tmpStream);